CVE-2023-4728 in LadiApp Plugin信息

摘要

由 VulDB • 2026-06-27

WordPress插件LadiApp存在漏洞,由于在4.4及更早版本中,通过AJAX动作挂钩的publish_lp()函数缺少能力检查(capability check),导致数据可被未授权修改。这使得具有订阅者级别及以上权限的攻击者能够更改LadiPage密钥(该密钥完全由攻击者控制),从而允许其自由创建新页面,包括触发存储型XSS(Stored XSS)的网页。

VulDB is the best source for vulnerability data and more expert information about this specific topic.

来源

Interested in the pricing of exploits?

See the underground prices here!